SecurityStrategy is an abstract superclass for implementing a platform-independent
security scheme, outlined by Greg Frascadore in Java Pro, May 1999,
pp. 20-33. Some source is available at www.java-pro.com.

The SecurityStrategy contains the abstract methods that various vendor-
specific classes must implement. The various methods take instances
that conform to various marker interfaces (see Patterns, Garard).
These are interfaces that simply signify something about the class being
passed in. The class that inherits from SecurityStrategy calls back the
caller after switching on security calls.

Note that this class, and the other security classes, are declared
public. This is contrary to enforcing effective security: any class from
outside this package can inherit from SecurityStrategy, along with the
various Badge interfaces, and therefore bypass security. This is OK, and
desired, for our uses; basically, we want security to go away and leave
us alone. Serious commercial apps need to be more careful on this front,
and should therefore have security classes limited to only this package.

This implementation differs from the one in _Java Pro_. The one there, by
Frascadore, uses a single callback method, invoke(), used by all classes.
The security strategy always called back to invoke(). This implementation
is more complex. The caller can pass in a string that is used to look
up a method name, which is dispatched at runtime on the calling object.
The caller can optionally pass in parameters for the method that is called
back by passing in an array of arguments. Also, the SecurityStrategy is
implemented as an abstract class, rather than an interface. It seems to me
that there won't be multiple root classes for security strategies; one
inheritance path is good enough. Also, this allows us to stick a static
method into the class, getSecurityStrategy, that returns a platform-appropriate
instance--NetscapeSecurityStrategy when running under Navigator, MicrosoftSecurityStrategy
when running under IE. This would not be possible with an interface, and the
resulting code would have to be placed somewhere non-obvious.

Compiling this code can be slightly tricky. To compile all the classes in
the directory, see compiling.html.

If you don't want some platform's security model, just delete it.

A somewhat longer version of this discussion appears in security.html.

classesForInstances(java.lang.Object[] pInstanceArray)
A utility method that, when given an array of instances, returns an
array of the corresponding classes for each object instance in the
original array.

static void debug(java.lang.String pDebugStatement)
Prints out a debugging statement if debugging is turned on.

getSecurityStrategy

Create a security strategy appropriate to the platform we are currently
running on, and return it. When running under Netscape, this will return
a NetscapeSecurityStrategy; under IE, a MicrosoftSecurityStrategy.

This gets the java.vendor property from the VM in order to take a guess
at the platform and security model under use.

invokePrivilege

Enables communication across the network, including multicast. The object that
implements the NetworkCommBadge marker interface is passed in; we call it back
after implementing any security calls required. The callback is required in
some security schemes because they walk the stack looking for security issues.

Parameters:

pCommBadge - the instance requesting privileges

pMethodCallbackName - the method to call in that instance

invokePrivilege

Enables communication across the network, including multicast. The object that
implements the NetworkCommBadge marker interface is passed in; we call it back
after implementing any security calls required. The callback is required in
some security schemes because they walk the stack looking for security issues.
The method arguments are passed in an array.
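
A sketch of the name-based callback described for invokePrivilege, added here as an example and not taken from the project's source. The signatures, the Object return type, the enableNetworkPrivilege hook, and the NoOpSecurityStrategy, Sender and Demo classes are assumptions.

```java
import java.lang.reflect.Method;

interface NetworkCommBadge {}            // marker interface: declares nothing

abstract class SecurityStrategy {
    // Hypothetical hook: a vendor subclass would make its platform call here.
    protected abstract void enableNetworkPrivilege();

    // Maps each argument to its runtime class, as the page's utility does.
    static Class<?>[] classesForInstances(Object[] pInstanceArray) {
        Class<?>[] classes = new Class<?>[pInstanceArray.length];
        for (int i = 0; i < pInstanceArray.length; i++) {
            classes[i] = pInstanceArray[i].getClass();
        }
        return classes;
    }

    // The callback runs inside this frame, so the frame that enabled the
    // privilege is still on the stack when a stack-walking check runs.
    public Object invokePrivilege(NetworkCommBadge pCommBadge,
                                  String pMethodCallbackName,
                                  Object[] pArgs) throws Exception {
        enableNetworkPrivilege();
        // Lookup is by name plus exact runtime classes: a callback declared
        // with int or an interface-typed parameter will not be found.
        Method callback = pCommBadge.getClass()
                .getMethod(pMethodCallbackName, classesForInstances(pArgs));
        return callback.invoke(pCommBadge, pArgs);
    }
}

class NoOpSecurityStrategy extends SecurityStrategy {   // constructed stand-in
    protected void enableNetworkPrivilege() { /* no security manager */ }
}

class Sender implements NetworkCommBadge {              // constructed caller
    public String open(String host, Integer port) { return host + ":" + port; }
}

public class Demo {
    public static void main(String[] args) throws Exception {
        SecurityStrategy s = new NoOpSecurityStrategy();
        Object r = s.invokePrivilege(new Sender(), "open",
                new Object[] { "example.invalid", Integer.valueOf(4000) });
        System.out.println(r);
    }
}
```

Because the callback is chosen by a string at runtime, whatever public method that name resolves to on the badge object runs with the privilege enabled. The badge type on the first parameter is the only gate, which is why the note above about public Badge interfaces matters for anything beyond this project's uses.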